Security Awareness Training for Electric Entities

NERC CIP Versions 1-3 require entities to have training programs for individuals who have authorized cyber or authorized unescorted physical access to Critical Cyber Assets. The training programs must provide for quarterly security awareness training as well as annual cyber security training on a variety of topics. SANS Institute's Securing the Human now has an awareness training program that addresses these NERC-CIP compliance standards for Utilities. As CIP version 5 approaches, existing training programs will need to be expanded and modified to address new areas and new employees not previously in scope of the NERC CIP requirements.

This half-day session will walk through CIP V1-3 and CIP Version 5 training program requirements and will demonstrate the SANS security awareness offerings for electric sector entities. The session will also demonstrate the new SANS engineer and operator focused cybersecurity awareness training, that was developed to go beyond compliance and truly target the development of secure behaviors for the employees that are interfacing with the ICS technology on a daily basis.